The present invention relates to object oriented programming. More specifically, the present invention relates to a secure method of communication between untrusted JAVA(trademark) objects.
JAVA(trademark) is a portable language that generates intermediate code that can be downloaded and run on a machine with a JAVA(trademark) interpreter. The portability of JAVA(trademark) applets allows processing to be off-loaded to a local system that has the potential capability of performing the processing at a faster rate than the source of the applet.
Because applets are designed to be loaded from a remote site and then executed locally, security is an important issue. In order to prevent untrusted code from damaging the local system, web browsers with JAVA(trademark) interpreters often implement safeguards that restrict what applets can do. Some safeguards include, preventing applets from running any local executable program and preventing applets from communicating with any host other than their originating host. Other safeguards include preventing applets from reading or writing the local computer""s file system and preventing applets from finding information about the local client system other than the JAVA(trademark) version used, the name and version of the operating system, the characters used to separate files, paths, and lines.
The safeguards implemented by web browsers, however, are ineffective in providing a secure method of communication between untrusted objects from the untrusted code and objects in the local system. The safeguards implemented by current web browsers allow trusted objects to communicate with other trusted objects in the local system by making direct method calls directly on the objects in the local system. Direct method calls are messages from one object to another that request the receiving object to carry out one of its methods. A direct method call typically consists of three parts: a reference to the receiver object, the name of the method in the receiver object to be executed, and any parameters that the method may require to fulfill its charge. If untrusted objects were allowed to make direct method calls to other objects in the local system, untrusted objects could potentially do damage to a file system, a network, invoke methods in an inappropriate manner, or negatively affect other parts of the local system.
Thus, a method for inter-object communication among objects that minimizes the dangers associated with allowing untrusted objects to make direct method calls is desired.
A method of communication between a first object and a second object is disclosed. A first direct method call is made on an intermediary object from the first object. The first direct method call contains information regarding a location in memory of the intermediary object instead of a location in memory of the second object and a name of the method to be called on the second object. The name of the method to be called on the second object is delivered from the intermediary object to a message queue object. The name of the method to be called on the second object is accessed from the message queue object by the second object.
A method for requesting a channel of communication with a receiver object via a trusted intermediary is disclosed. A first direct method call is made to a session object to request a channel with the receiver object. A location in memory of a channel object is received from the session object on behalf of the receiver object.
A method of allocating a channel of communication is disclosed. A direct method call is received from a session object on behalf of a sender object requesting a channel of communication. The direct method call contains an object identifier (ID) of the sender object. A degree of access to grant the sender object is determined. A channel object with the degree of access appropriate for the sender object is created. A location in memory of the channel object is returned to the session object.
A method for arbitrating a channel of communication between a first object and a second object is disclosed. A first direct method call is received from the first object requesting a channel of communication with the second object. The first direct method call contains an object identifier (ID) of the first object and the second object. A second direct method call is made to the second object requesting the channel of communication on behalf of the first object. A location in memory of a channel object is received from the second object. The location in memory of the channel object is sent to the first object.